﻿using CNKI.TPI.Web.Base;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace CNKI.TPI.Web.UI.Filters
{
    public class SecurityActionFilter: ActionFilterAttribute
    {
        //
        // 摘要:
        //     在调用操作方法前调用。
        //
        // 参数:
        //   filterContext:
        //     有关当前请求和操作的信息。
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (filterContext.HttpContext.Request.Cookies != null)
            {
                if (safe_360.CookieData())
                {
                    filterContext.HttpContext.Response.Write("<script>alert('您提交的Cookie数据有恶意字符！')</script>");
                    filterContext.HttpContext.Response.End();
                }
            }

            if (filterContext.HttpContext.Request.UrlReferrer != null)
            {
                if (safe_360.referer())
                {
                    filterContext.HttpContext.Response.Write("<script>alert('您提交的Referrer数据有恶意字符！')</script>");
                    filterContext.HttpContext.Response.End();
                }
            }

            if (filterContext.HttpContext.Request.RequestType.ToUpper() == "POST")
            {
                if (safe_360.PostData())
                {
                    filterContext.HttpContext.Response.Write("<script>alert('您提交的Post数据有恶意字符！')</script>");
                    filterContext.HttpContext.Response.End();
                }
            }

            if (filterContext.HttpContext.Request.RequestType.ToUpper() == "GET")
            {
                if (safe_360.GetData())
                {
                    filterContext.HttpContext.Response.Write("<script>alert('您提交的Get数据有恶意字符！')</script>");
                    filterContext.HttpContext.Response.End();
                }
            }
        }
    }
}